This repository has been archived by the owner on Dec 22, 2024. It is now read-only.
generated from cotes2020/chirpy-starter
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add notes for Cyber Threat Intelligence
- Loading branch information
1 parent
c06d0fb
commit 5e1b23e
Showing
108 changed files
with
1,351 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
192 changes: 192 additions & 0 deletions
192
_posts/2023-04-27-data-loss-prevention-and-mobile-endpoint-protection.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,192 @@ | ||
| --- | ||
| author: [abuturab, admin] | ||
| title: "Data Loss Prevention and Mobile Endpoint Protection" | ||
| date: 2023-04-27 18:25:00 +0500 | ||
| tags: ['IBM Cybersecurity Analyst/Cyber Threat Intelligence'] | ||
| category: ['My Notes', 'Cybersecurity and Networks'] | ||
| img_path: /assets/notes | ||
| image: | ||
| path: cyber-threat-intelligence.jpeg | ||
| alt: 'Credits: Image by standret on Freepik' | ||
| published: true | ||
| --- | ||
|
|
||
| ## **What is Data Security and Protection?** | ||
|
|
||
| Protecting the: | ||
| - Confidentiality | ||
| - Integrity | ||
| - Availability | ||
|
|
||
| Of Data: | ||
| - In transit | ||
| - At rest | ||
| - Databases | ||
| - Unstructured Data (files) | ||
| - On endpoints | ||
|
|
||
| ### What are we protecting against? | ||
|
|
||
| **Deliberate attack:** | ||
| - Hackers | ||
| - Denial of Service | ||
|
|
||
| **Inadvertent attacks:** | ||
| - Operator error | ||
| - Natural disaster | ||
| - Component failure | ||
|
|
||
| ## **Data Security Top Challenges** | ||
|
|
||
| - Explosive data growth | ||
| - New privacy regulations (GDPR, Brazil’s LGPD etc.) | ||
| - Operational complexity | ||
| - Cybersecurity skills shortage | ||
|
|
||
| ## **Data Security Common Pitfalls** | ||
|
|
||
| Five epic fails in Data Security: | ||
| - Failure to move beyond compliance | ||
| - Failure to recognize the need for centralized data security | ||
| - Failure to define who owns the responsibility for the data itself | ||
| - Failure to address known vulnerabilities | ||
| - Failure to prioritize and leverage data activity monitoring | ||
|
|
||
| ## **Industry Specific Data Security Challenges** | ||
|
|
||
| ### Healthcare | ||
|
|
||
| - Process and store combination of personal health information and payment card data. | ||
| - Subject to strict data privacy regulations such as HIPAA. | ||
| - May also be subject to financial standards and regulations. | ||
| - Highest cost per breach record. | ||
| - Data security critical for both business and regulatory compliance. | ||
|
|
||
| ### Transportation | ||
|
|
||
| - Critical part of national infrastructure | ||
| - Combines financially sensitive information and personal identification | ||
| - Relies on distributed IT infrastructure and third party vendors | ||
|
|
||
| ### Financial industries and insurance | ||
|
|
||
| - Most targeted industry: 19% of cyberattacks in 2018 | ||
| - Strong financial motivation for both external and internal attacks | ||
| - Numerous industry-specific regulations require complex compliance measures | ||
|
|
||
| ### Retail | ||
|
|
||
| - Among the most highly targeted groups for data breaches | ||
| - Large number of access points in retail data lifecycle | ||
| - Customers and associates access and share sensitive data in physical outlets, online, mobile applications | ||
|
|
||
| ## **Capabilities of Data Protection** | ||
|
|
||
| **The Top 12 critical data protection capabilities:** | ||
| 1. Data Discovery | ||
| - Where sensitive data resides | ||
| - Cross-silo, centralized efforts | ||
| 2. Data Classification | ||
| - Parse discovered data sources to determine the kind of data | ||
| 3. Vulnerability Assessment | ||
| - Determine areas of weakness | ||
| - Iterative process | ||
| 4. Data Risk analysis | ||
| - Identify data sources with the greatest risk exposure or audit failure and help prioritize where to focus first | ||
| - Build on classification and vulnerability assessment | ||
| 5. Data and file activity monitoring | ||
| - Capture and record real-time data access activity | ||
| - Centralized policies | ||
| - Resource intensive | ||
| 6. Real-time Alerting | ||
| 7. Blocking Masking, and Quarantining | ||
| - Obscure data and/or blocking further action by risky users when activities deviate from regular baseline or pre-defined policies | ||
| - Provide only level of access to data necessary | ||
| 8. Active Analytics | ||
| - Capture insight into key threats such as, SQL injections, malicious stored procedures, DoS, Data leakage, Account takeover, data tampering, schema tampering etc | ||
| - Develop recommendations for actions to reduce risk | ||
| 9. Encryption | ||
| 10. Tokenization | ||
| - A special type of format-preserving encryption that substitutes sensitive data with a token, which can be mapped to the original value | ||
| 11. Key Management | ||
| - Securely distribute keys across complex encryption landscape | ||
| - Centralize key management | ||
| - Enable organized, secure key management that keeps data private and compliant | ||
| 12. Automated Compliance Report | ||
| - Pre-built capabilities mapped to specific regulations such as GDPR, HIPAA, PCI-DSS, CCPA and so on | ||
| - Includes: | ||
| - Audit workflows to streamline approval processes | ||
| - Out-of-the-box reports | ||
| - Pre-built classification patterns for regulated data | ||
| - Tamper-proof audit repository | ||
|
|
||
| {: w="650" h="350"} | ||
|
|
||
| ## **Data Protection – Industry Example** | ||
|
|
||
| ### Guardium support the data protection journey | ||
|
|
||
| {: w="650" h="350"} | ||
|
|
||
| ### Guardium – Data Security and Privacy | ||
|
|
||
| - Protect all data against unauthorized access | ||
| - Enable organizations to comply with government regulations and industry standards | ||
|
|
||
| {: w="650" h="350"} | ||
|
|
||
| {: w="650" h="350"} | ||
|
|
||
| ## **Mobile Endpoint Protection** | ||
|
|
||
| **iOS** | ||
| - Developed by Apple | ||
| - Launched in 2007 | ||
| - ~13% of devices (based on usage) | ||
| - ~60% of tablets worldwide run iOS/iPadOS | ||
| - MDM capabilities available since iOS 6 | ||
|
|
||
| **Android** | ||
| - Android Inc. was a small team working on an alternative to Symbian and Windows Mobile OS. | ||
| - Purchased by Google in 2005 – the Linux kernel became the base of the Android OS. Now developed primarily by Google and a consortium known as **Open Handset Alliance.** | ||
| - First public release in 2008 | ||
| - ~86% of smartphones and ~39% of tablets run some form of Android. | ||
| - MDM capabilities since Android 2.2. | ||
|
|
||
| ### How do mobile endpoints differ from traditional endpoints? | ||
|
|
||
| - Users don’t interface directly with the OS. | ||
| - A series of applications act as a broker between the user and the OS. | ||
| - OS stability can be easily monitored, and any anomalies reported that present risk. | ||
| - Antivirus software can “see” the apps that are installed on a device, and reach certain signatures, but can not peek inside at their contents. | ||
|
|
||
| ### Primary Threats To Mobile Endpoints | ||
|
|
||
| **System based:** | ||
| - Jailbreaking and Rooting exploit vulnerabilities to provide root access to the system. | ||
| - Systems that were previously read-only can be altered in malicious ways. | ||
| - One primary function is to gain access to apps that are not approved or booting. | ||
| - Vulnerabilities and exploits in the core code can open devices to remote attacks that provide root access. | ||
|
|
||
| **App based threats:** | ||
| - Phishing scams – via SMS or email | ||
| - Malicious code | ||
| - Apps may request access to hardware features irrelevant to their functionality | ||
| - Web content in mobile browsers, especially those that prompt for app installations, can be the root cause of many attacks | ||
|
|
||
| **External:** | ||
| - Network based attacks | ||
| - Tethering devices to external media can be exploited for vulnerabilities | ||
| - Social engineering to unauthorized access to the device | ||
|
|
||
| ### Protection mobile assets | ||
|
|
||
| - **MDM:** Control the content allowed on the devices, restrict access to potentially dangerous features. | ||
| - **App security**: Report on the health and reliability of applications, oftentimes before they even make it on the devices. | ||
| - **User Training** | ||
|
|
||
| ### Day-to-day operations | ||
|
|
||
| While it may seem like a lot to monitor hundreds, thousands, or hundreds of thousands of devices daily, much of the information can be digested by automated systems and action taken without much admin interactions. | ||
|
|
||
| {: w="650" h="350"} |
Oops, something went wrong.